SPIP <3.1.2 - Cross-Site Scripting CVE-2016-7981
- CVSSv3 Score
- Vulnerability description
SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
- Risk description
No risk description to display.
Upgrade SPIP to version 3.1.2 or later to mitigate this vulnerability.
- Not available